
Daily Security Briefing #239
- DjediTech
- Security, Newsletter
- April 29, 2026
Critical cPanel vulnerability exposed, AI-powered development environments under attack, and DPRK cyberattacks escalating…
Executive Summary
The past day has seen a flurry of cybersecurity news, with several high-profile vulnerabilities and attacks making headlines. A critical authentication bypass vulnerability in cPanel & WHM has been disclosed, and multiple security researchers have exposed various flaws in AI-powered development environments such as Cursor. Additionally, a new wave of DPRK cyberattacks has been discovered that uses AI-inserted npm malware and fake firms to deploy RATs.
Top Articles
CVE-2026-41940: cPanel & WHM Authentication Bypass
A critical vulnerability affecting cPanel & WHM and WP Squared products has been disclosed, allowing unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access. The bug was described as “an issue with session loading and saving” in the cPanel release notes.
rapid7.com

Cursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ Machines
A high-severity vulnerability in the Cursor AI-powered coding environment could allow attackers to execute arbitrary code on a developer’s machine, raising fresh concerns about the security of AI-assisted development workflows.
gbhackers.com

Cursor AI Extension Flaw Exposes Developer Tokens to Credential Theft
A high-severity vulnerability in the popular AI-powered development environment, Cursor, exposes developers to immediate credential theft. Any installed extension can silently access a user’s API keys and session tokens without requiring special permissions or user interaction.
gbhackers.com

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation.
thehackernews.com

Critical Cursor Vulnerability Exposes Developer Workstations To Remote Code Execution
Cybersecurity researchers from Novee have uncovered a high-severity arbitrary code execution vulnerability in the widely used AI-powered IDE, Cursor. Tracked as CVE-2026-26268, this flaw allows attackers to execute malicious code remotely on a developer’s machine.
cyberpress.org

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP’s JavaScript and cloud application.
thehackernews.com

Agents can now create Cloudflare accounts, buy domains, and deploy
Starting today, agents can now be Cloudflare customers. They can create a Cloudflare account, start a paid subscription, register a domain, and get back an API token to deploy code right away.
blog.cloudflare.com

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers.
bleepingcomputer.com

Experts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders Expect
This week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landscape and how it connects to recent research coming out of Rapid7 Labs.
rapid7.com

Claude Mythos Has Found 271 Zero-Days in Firefox
Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.
schneier.com
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.